Privacy Protection for
Children's Services
Self-Guided Learning Package
This resource was developed by Community Child Care (CCC) with funding provided by the Australian
Government Department of Education, Employment and Workplace Relations under the Inclusion and
Professional Support Program (2008-12).
The Inclusion and Professional Support Program is funded by the Australian Government Department of
Education, Employment and Workplace Relations.
© Community Child Care Victoria 2011
-1-
About Self-Guided Learning Packages
Self-Guided Learning Packages can be completed in your own time and convenience and offer an
alternative to attending training sessions. This package aims to develop skills and knowledge that will be
valuable to you in providing quality education and care programs. Packages are often used for professional
development by staff teams, networks and other groups of children’s services professionals. You can work
through the package with colleagues by reading the package together, discussing the information and
collaborating to complete the one assessment task.
Gowrie Victoria Leadership and Learning Consultants are available to support you while working through
the package. Feel free to phone or email if you require any assistance completing the tasks within the
package. Phone 1800 103 670 (freecall) or (03) 9347 6388 or email [email protected]
© Community Child Care Victoria 2011
-2-
Privacy Protection for Children's Services
You have chosen to complete the ‘Privacy Protection for Children's Services package’. Recent legislative
changes have placed new obligations on organisations, including children's services, in protecting the
personal privacy of individuals. Completion of this training package will assist you in enabling your service
to meet these obligations.
An Overview of Privacy Legislation
State and Commonwealth privacy legislation place obligations on organisations regarding the protection of
personal and health information.
In Victoria, the following pieces of legislation relate to general privacy:
 Victorian Information Privacy Act 2000
 Victorian Health Records Act 2001
 Victorian Charter of Human Rights and Responsibilities Act 2006
 Victorian Freedom of Information Act 1982
 Victorian Public Records Act 1973
 Victorian Surveillance Devices Act 1999
 Victorian Telecommunications (Interception) (State Provisions) Act 1988
 Commonwealth Privacy Act 1988
Each Act sets standards in relation to the management of information. In particular, Victorian organisations
that are obligated to protect their client’s personal information could be covered by up to three pieces of
recent privacy legislation:
1. Victorian Information Privacy Act 2000 (IPA),
2. Victorian Health Records Act 2001 (HRA), and
3. Commonwealth Privacy Act 1988 (PA).
Commonwealth Privacy Act 1988 (PA)
This Act regulates the handling of personal information and applies to all private sector organisations and
those which are contracted to provide a service to the Commonwealth government, including health
service providers.
Under current funding arrangements, children’s services are defined as contracted service providers on
behalf of, not to, the Commonwealth, which would normally exclude community managed services being
covered by the Act. The Child Care Service Handbook 2010-2011 is a National publication, so to adequately
resource each state and territory the publication outlines the Federal Government’s requirement for
Australian Children’s services to adhere to the National Privacy Principles (NPP’s) as a condition of being
eligible to provide Child Care Benefit.
Victorian Information Privacy Act 2000 (IPA)
This Act protects personal information (excluding health information) held by Victorian government
agencies, statutory bodies and local councils and some of the organisations contracted to provide services
to state government, for example, preschool services.
Whether the PA or the IPA covers your service will depend largely on whether or not your service is
privately operated, and whether it provides a service for the State Government.
© Community Child Care Victoria 2011
-3-
Victorian Health Records Act 2011 (HRA)
This Act applies to all organisations which provide a health service or which hold health information about
individuals, irrespective of size, or whether they are privately, government or community operated. It
recognises the sensitive nature of health information, and places additional protections on the handling of
information, including enforcement mechanisms for breaches of privacy standards.
This Act focuses on the collection and handling of personal health information about individuals involved in
your service, which would include health information relating to employees, as well as that relating to
families, children and others involved in your service (e.g. committees of management, volunteers).
All Children’s Services in Victoria, whether private or community owned and regardless of their type of
service, will be bound by the terms of the Victorian Health Records Act due to the practice and requirement
that health information will be collected as part of the operation of the children’s service.
Summary
There are some important differences between each Act. Some of the definitions used in each Act may
vary, for example:
 The definition of personal information within the PA, and the IPA differs, as may the application of
some of the principles.
 The HRA and the PA include information which may or may not be in a recorded form, whilst the
Information Privacy Act (IPA) only refers to recorded information.
There are broad similarities across the legislation. However, in order to accommodate some differences in
the privacy principles and definitions, this self-guided learning package reflects a composite of the
principles, with the intention of encouraging a best practice approach in the protection of personal and
health information.
A comparative table of organisation responsibilities under the three Acts is available through
Information Sheet 09.02 ‘Comparative Table of Organisation’s Responsibilities Under Australian Privacy
Legislation’ at www.privacy.vic.gov.au.
Ensure that you are familiar with the acronyms and the terms of the Acts which apply to your service, and
that you have obtained copies of legislation which affect your service.
For further information and to clarify which legislation your service is bound by, see the contact details on
the References and Resources page in this package.
Self Help Question 1
Identify the privacy legislation which applies to your children’s service and obtain a copy of the relevant
legislation. Make a list here and document where these were accessed from. Document the date of the
most recent amendments pertaining to each piece of legislation.
© Community Child Care Victoria 2011
-4-
Information Privacy Principles (IPPs)
Each Act contains a set of ‘privacy principles’ which outline the obligations established by the legislation.
The effective discharge of your obligations under relevant Acts will require that you are familiar both with
these principles, as well as with the terminology used in the legislation. There are some differences
between the Acts on the definition of information.
Definitions
Key definitions are provided below which have been adapted from the information privacy legislation:
Personal information
Personal information is defined as information which may be recorded in any form and in any environment
(whether conventional, digital or electronic), which identifies an individual, or individuals, in such a way
that they may be identified by that information. This includes paper, electronic and digital records,
photographs and video recordings. It also includes both information and opinion about an identifiable
individual, whether true or not. Information is also defined further as information or opinion which can
form part of a data base and which can be recorded in a material form or not. Examples of personal
information include information on family care arrangements, Child Care Benefit information and contact
details.
Health information
The Health Records Act defines health information as facts or opinions about an individual’s physical,
mental or psychological health or disability, which is also classed as personal information. This could include
information about an individual’s health status, medical history, fitness levels, weight, height etc. As with
the definition above for personal information, personal health information may include fact or opinion, and
can be recorded either materially or not, or in all environments, whether conventional, electronic or digital.
For children's services, this could typically include information on special needs, accident and illness
reports, allergy and medication requirements. It could also include information about the health of parents
or educators.
Sensitive information
This is defined as information relating to a person's racial or ethnic origin, political opinions, religion, trade
union or other professional or trade association membership, sexual preferences or criminal record, which
is also classified as personal information about an individual. There are strict requirements that this
information is protected and not required for collection, unless under very specific exceptions. Examples of
these exceptions include where the individual has already consented to disclosure, where disclosure is
required under law, or where disclosure is required to lessen the immediate and serious threat to the
health or well being of the individual.
Unique Identifiers
The use of the term ‘identifiers’ relates to a way of identifying individuals (typically through assigning a
series of numbers and/or letters to an individual) other than by the use of their name, for example,
Customer Reference Numbers used by Centrelink, and Tax File Numbers. Under the legislation, unique
identifiers are not to be assigned unless the individual has given consent, or unless this is necessary to the
function of your organisation, or to another organisation's functions. The purpose for which 'unique
© Community Child Care Victoria 2011
-5-
identifiers' (such as Customer Reference Numbers) are used in your service should be clearly outlined in
your privacy collection statement.
Information Privacy Principles
The key focus of each Act is on what may be termed ‘information privacy principles’. There are some
differences across each Act, for example, whether or not the privacy principles cover material or nonmaterial information.
For further detail, a comparative table on the three Acts has been prepared in an information sheet
available from the office of the Victorian Privacy Commission, or the Commission website (see References
and Resources page in this self guided learning package).
If your service is only bound by the Health Records Act, you can choose to apply the principles on the next
page solely to the collection and use of personal health information. Alternatively, if you are also bound by
the Information Privacy Act (Victoria), or by the federal Privacy Act, and if you wish to standardise your
approach to all personal information, you will need to apply the principles below to all information held
about persons who use, or are involved in your service.
Principle
Collection
Obligations
Your service only collects information which is necessary to the
performance of its functions or activities (for example, records which
meet the requirements of Children's Services Regulations and/or National
Standards).
Wherever reasonable, practicable and within the requirements of the
legislation, your service ensures that information from an individual is
only collected with his/her consent, and is collected directly from that
individual.
Information is collected unobtrusively and in a fair and lawful way e.g. not
forcefully, or secretively, or in such a way that such information may
become disclosed to unauthorised persons during its collection.
At the time that information is collected and upon request, your service
ensures that individuals are made aware of:

his/her rights to access to the information about themselves;

why the information is being collected;

who else you might give it to;

avenues for complaints.
Use and
Disclosure
Data
Quality
Comments
The IPA does not require consent.
Instead, there is a focus on the need to
apply standards, and collect
information in a fair and reasonable
way.
There may be instances where the
collection of information is required to
meet legal obligations, or where failure
by an individual to provide information
would have a. This should be clearly
communicated to parents if it is an
issue.
Under the PA, sensitive information is
not to be collected unless prescribed
exemptions apply, see PA privacy
principle 10
For example, your service privacy collection statement might say that
specific information on children is collected in order to manage health
needs, deliver appropriate programs and meet administrative
responsibilities.
Your service only uses the information for the primary purpose for which
it has been collected, unless specified exemptions apply, for example,
where disclosure is made for law enforcement purposes, with an
individual’s consent, or where authorised or required by law. (See Health
Privacy Principle 2.)
If information is used or disclosed outside of the main purpose for which it
has been collected, your service keeps a record of who it was disclosed to,
when, and for what purpose.
If personal information is collected from someone other than the
individual to whom the personal information relates, your service has a
clear statement which indicates that it would notify the individual of this,
(unless legislation clearly states otherwise).
Your service has procedures in place to ensure that all information is
accurate, complete, up to date, and relevant to your functions or
activities.
© Community Child Care Victoria 2011
-6-
Security of
Information
Correction
Access
Openness
Use of
Identifiers
Anonymity
Transfer of
Information
Procedures are in place to ensure that information is protected from
misuse, loss, unauthorised access, modification and disclosure, (that is,
that you have established the secure storage and maintenance of records
and information).
Procedures are in place to destroy, or permanently de-identify personal
information once it is no longer needed for the purpose for which it was
collected.
Individuals are able to have personal or health information corrected
where it does not meet the standards of being accurate, complete and up
to date.
Changes are recorded clearly.
Individuals have the right of access to information about themselves.
Information is only withheld from an individual who requests access if
particular circumstances apply that allow access to be limited, including
emergency situations, specified business requirements, and law
enforcement or other public interests. Individuals should be informed of
their rights of access at the time of the collection of information.
Non-health service providers must
retain health information for as long as
lawful purposes require (see Health
Privacy Principle 4).
Destruction of health information must
be in accordance with prescribed
requirements.
Under the HRA, there cannot be any
deletion of personal information.
Amendments can be made; although
these must be clearly indicated (i.e.
information can be corrected but not
erased.)
An example of a common exception to
access might include a case where you
have reason to believe that someone
may be requesting access for their own
purposes (other than those stated),
such as an absentee parent seeking
information to contact the other
parent.
Your service has clearly expressed policies on the management of
information on an individual. This is expressed openly and made available
to all individuals about whom information is, or may be, collected.
Identifiers are assigned only in prescribed circumstances where consent
has been given, and where this is necessary for the organisation to
function effectively, and in accordance with requirements of the
legislation.
Examples of identifiers include Customer Reference Numbers, Tax File
Numbers, and Health Care Card Numbers.
Wherever lawful and practicable, individuals are given the option of
anonymity.
Information is only transferred outside of Victoria or Australia with
consent, or where it is necessary for contractual reasons, where it is for
the benefit of the individual and it is impracticable to obtain consent or, in
cases where consent cannot be obtained, the individual could be
reasonably expected to have given consent and it is necessary under law.
Self Help Question 2
Using a separate piece of paper, conduct a privacy audit of your children's service to identify areas where
you are/are not meeting privacy requirements in relation to the personal and health information of
individuals. In doing so, it would help to give consideration to:
What sort of information you collect and for what purpose;
How information is collected;
How information is stored and secured;
Who has the right to use and disclose information;
Whether there are measures in place to prevent unauthorised access;
Whether you have established a structure and a timeframe for the disposal and/or retention and storage of
information;
Whether individuals are aware of the information collected, how it is used and disclosed, and their rights of
access to information about themselves;
Whether the information is kept accurate, complete and up to date.
© Community Child Care Victoria 2011
-7-
Practical Implementation for Children's Services
Once you have conducted a privacy audit, the next step is to consider the practical implications for your
service. For children's services, there are some very specific matters which need to be addressed to ensure
that personal and health information is protected, whilst at the same time, the service is able to function
effectively. In addressing these issues, the main object is to ensure that your service can demonstrate that
it has taken reasonable steps to protect the privacy of personal and health information of individuals.
Compliance with the legislation will require, for example, that your service undertake action as described
below:
Privacy Principle
All principles
Security of Information
Collection
Openness
Action required
Develop and distribute your privacy collection statement.
Conduct a review of the security of information and establish secure
storage and maintenance of personal information, for all environments
(i.e. conventional, electronic and digital).
Establish consent for the use and collection of information and identify all
areas where this is required.
Develop consent forms, or incorporate consent requirements into annual
enrolment forms, job applications forms etc.
Develop and promote your service’s privacy policy.
Types of Information Required
There are many ways in which personal information is collected, and disclosed in children's services.
Consequently, you will need to consider how privacy legislation impacts on the type of personal
information you display and hold about individuals. Examples of these include accident and illness records,
other health records such as information on allergies, special needs, and disabilities, attendance books,
enrolment and job application forms and records, educators’ records, display of children’s photos, and
other visual material, (including digital photos), full identification of children by birth date and name,
display of children’s artwork, and display of program plans with identifiable information on children. A
practical discussion of these areas follows:
Attendance Sheets
While a contact number is needed for access by educators, there is no requirement under the Children's’
Services Regulations that this be included on an attendance sheet, and it could be considered an
infringement of privacy principles should consent not be given. Procedures could include a statement on
the attendance book that writing this information is not compulsory but contacts must be given to
educators in case contact is required during the day, or by stating clearly at the time of enrolment that such
information may be required on an attendance book, and the reasons for this, such as the need to facilitate
fast communication.
Accident, Medication, Allergy and Illness Records
It is a good policy to ensure that information required for medication and illness record books on each
child/family is collected and stored separately (i.e. not be visible to other individuals). One approach is to
have a separate page for each child/family, and to ensure that authorised educators present the specific
page to parents for signing/witnessing. An alternative option is for educators to make a written request on
attendance books for parents to speak with them about these matters, and then to refer them to the
accident/illness book.
© Community Child Care Victoria 2011
-8-
Should a parent not consent to public display of health information (e.g. allergies) of a child, consider
alternative ways of ensuring that educators and all those caring for the child are aware of this information
whilst ensuring the protection of this information, and the safety of the child.
Display of Information about a Child
Display of information about a child may relate to display of a child’s birth date, photos of family, and/or
personal information relevant to program and activities which is on display. If this sort of information is
generally exhibited, parents should be given the opportunity to opt out. Otherwise, consent should be
sought prior to being displayed (for example at the time of enrolment). Explaining to parents that the
service may take photos of the children during activities, and display them, and there may be use of
personal information to help with programming (e.g. likes/dislikes, names of family members etc).
Use of Surnames
Public display of children's surnames without consent is to be avoided. Instead, it is suggested that the first
name and initial of the surname be used.
Distribution of Invoices
Placing invoices in display pockets is a standard practice in some services. It is recommended that invoices
be put in sealed envelopes. Both the PA and the IPA state that organisations must take reasonable steps to
protect personal information. Reminder letters might be treated differently. For example, be sent by
registered post as an insurance against the possibility that individuals may not have received the first
invoice. Sending information such as this might be appropriately sent by registered post.
Enrolment and Job Application Forms
In considering all instances where display of personal information may be an issue, ensure that you seek
consent through the development of appropriate forms. Such statements could be included as part of
standard application and enrolment forms.
Awareness of Privacy Policies & Procedures
Identify some strategies for ensuring awareness of your privacy policy – for example in a family handbook,
and/or enrolment form, educators’ handbook, display on your service website, educators training.
Consider the needs of individuals from culturally and linguistically diverse backgrounds and those with
literacy difficulties in communicating this information effectively.
Inform individuals of their rights of access to information about themselves, and of the ways in which they
can do this, for example, through the viewing of records, taking a photocopy, taking notes, providing a
summary of records, letting the individual take copies away or inspecting all information on record.
Clearly, children have rights of access to information about themselves through their parents.
Privacy Collection Statement
The development of a privacy collection statement should be regarded as the first step for services in
ensuring individuals are aware of privacy practices and procedures. Such a statement should include
statements on:
a. how information will be collected, used, managed, disclosed, and transferred;
b. how information can be accessed by individuals;
c. the purpose for which information is collected, the circumstances under which information may be
disclosed, and to whom, or which organisations, it may be disclosed;
d. the possibility that it may be deemed necessary to collect other information at a later stage
© Community Child Care Victoria 2011
-9-
The collection statement should be provided at the time that information is being collected, or before; and
on occasions when additional information is sought (for example, if a child has an accident, or exhibits any
concerns with learning).
At the time of job or child care applications being made, ask individuals if they have any concerns about the
way in which personal information might be used. At this point it would also be important to refer to the
service privacy policy and make this available.
Secure Storage of Information
Security policy and security procedures included as part of your privacy policy will assist in addressing
potential for unauthorised access, modification, disclosure or loss. Some strategies should include:
 Establishing appropriate controls over all environments, whether conventional, digital or
electronic;
 Training educators in security awareness;
 Establishing effective controls for computer access (e.g. passwords, anti-virus software,
screensavers, firewalls);
 Securing all personal records (educators, management and families);
 Ensuring secure methods of disposal or de-identification of personal information;
 Keeping a register of all persons who have access to personal information;
 Establishing secure storage of archived information;
 Establishing secure disclosure within your organisation.
While it is crucial that all individual records are always kept secure, there are clearly times in a children’s
service when this might make access difficult. Given that there can be situations when ready access is very
important, this is a concern, especially where educators may not have easy access to centrally filed records.
One way of approaching the secure storage of enrolment records is to store each child's record securely in
the room they are using with only authorised educators having access. For OSHC services, consider the
security of school facilities, and what avenues exist for accessing central school storage, especially for
records which are not needed on a day-to-day basis, or for children who no longer attend the service.
Ensuring that office space is not left unattended with access to personal information (e.g. files), and
keeping personal records stored in locked filing cabinets should be considered as basic requirements for
the safe and secure handling and storage of information. Information transferred out of the premises
should also be kept secure.
This principle also extends to situations involving verbal discussions. Avoid situations where personal
information about an individual could be inappropriately disclosed in an open setting, such as during an
interview.
Self Help Question 3
a) On a separate piece of paper, develop your own privacy collection statement that could be used at your
service;
b) On a separate piece of paper, develop your own consent forms which may be required so that your
service meets responsibilities under privacy legislation; and
c) List your services current policies that relate to privacy principles
© Community Child Care Victoria 2011
- 10 -
External Requests for Information
At times, children’s services may be approached for personal information about an educator, parent, child
or other individual involved in the service.
The primary requirement under the legislation is that disclosure can be made where there is informed
consent. However, where no consent has been given, there are specified circumstances which determine
when disclosure may occur.
Organisations are authorised to disclose personal information to external organisations where consent has
been given by the individual, or where the other organisation can provide evidence that it is required under
law, that it meets other exemptions under the relevant principles in the privacy legislation (for example
where disclosure is necessary to prevent an immediate and serious threat to a person’s life, health, or well
being and/or that it is required for law enforcement purposes). The specific principles involved here are
those on the disclosure and transfer of information.
Regarding the release and use of all personal information, all other laws will override privacy legislation,
such as child protection legislation and family law.
Monitoring and Compliance
There are a number of ways in which each of the Acts ensure compliance and monitors the protection of
personal and health information. This includes:





conducting audits, investigating organisations and monitoring their reports;
issuing compliance notices;
via a complaints mechanism. The Commissioners have the power to receive complaints and
conciliate on complaints
issue penalties for non-compliance;
making general comments about privacy matters in the media, and making statements regarding
an organisation's reputation as a deterrent.
The Health Services Commission is currently looking at developing a self-monitoring tool to assist
organisations in assessing whether or not they are complying with the Act. You should ensure that you have
advised individuals of avenues for complaints as a matter of practice, and that your service is open about its
procedures for the handling of personal and health information.
Developing a Privacy Policy
The development of a privacy policy is regarded as an essential step in ensuring that your service complies
with privacy legislation. This should briefly outline the privacy principles with which your service needs to
comply.
Be clear about the need for all personal and health information to be adequately protected. Information
which may require additional protection could relate to custody and access issues, intervention orders,
special needs and support requirements, health status (e.g. communicable diseases such as AIDS,
hepatitis). It is essential that all educators are adequately trained in, or knowledgeable about, the impact of
privacy legislation. Awareness of the service privacy policy will provide a foundation for this. The policy
© Community Child Care Victoria 2011
- 11 -
should also provide families, educators and others involved with the service, with all they need to know
about the management of information about themselves and their children, and should be kept as clear as
possible. Have one policy which deals with all matters relating to how your organisation manages the
personal and health information of individuals.
Key components of a privacy policy should be expected to include:
 An explanation of the legislation which applies to your service
 A description of key definitions used in the legislation
 A statement of commitment to the protection of personal and health information
 A statement that the policy applies to all persons involved in the operation of the centre
 Statements regarding:
 the scope and type of personal information to be collected;
 the purpose for which information is to be collected;
 circumstances under which individuals can access personal information and ways in which
this can be accessed;
 use of identifiers;
 circumstances under which personal information might be disclosed;
 treatment of sensitive information;
 processes for the safe management and secure storage of information;
 review and correction of information;
 guarantees of anonymity (wherever lawful and practicable);
 procedures for the disposal or de-identification of personal information when no longer
needed;
 your service’s complaints mechanism;
 steps for an individual person to take if they are seeking access to information about
themselves.
It is important your service has its own policy, relative just to the children’s service. There may be other
organisations whose own policy will affect your service policy because of the relationship which you have
with that organisation, such as your sponsor, or local council. For OSHC services, consult with your school,
council, parish, or other sponsoring body. For Long Day Care, Family Day Care, In Home Care or Occasional
Care services, you may need to consult with your local council, sponsor or with affiliated centres. It may be
helpful to gather together material which other organisations have developed to get some ideas about how
you would want to present your privacy policy.
You may also need to have regard to the requirements of the funding body, as well as that of the
management body of your service.
Once you have developed your policy, consider the ways in which this could be displayed and promoted,
such as at your service (e.g. notice board), on your service website (if applicable), including a statement in
your service brochure and through your family handbook. The policy needs to be available to anyone who
asks for it, not just those using the service, so ensure that it is a prominent part of the information you
provide to all involved in your service.
© Community Child Care Victoria 2011
- 12 -
Useful contacts
Health Services Commissioner
Information 03 8601 5200 or 1800 136 066
www.health.vic.gov.au/hsc
Victorian Privacy Commissioner
Information 03 8619 8719 or 1300 666 444
www.privacy.vic.gov.au
Australian Privacy Commissioner
On 1 November 2010 the Office of the Australian Privacy Commissioner (regulatory body of the PA) was
integrated into the Office of the Australian Information Commissioner (OAIC). An interim site for the OAIC
is available at www.oaic.gov.au, however the federal www.privacy.gov.au website site will be maintained
until a site incorporating all OAIC material is established.
Australian Government Department of Education, Employment and Workplace Relations (DEEWR)
www.deewr.gov.au
Victorian Government Department of Education and Early Childhood Development
www.education.vic.gov.au
Victorian Curriculum and Assessment Authority
www.vcaa.vic.edu.au
© Community Child Care Victoria 2011
- 13 -
References and Resources
Carey, B. (2002). Info Sheet 09.02: Comparative Table of Organisations’ Responsibilities under Australian
Privacy Legislation. Melbourne, Vic: Office of the Victorian Privacy Commissioner.
Charter of Human Rights and Responsibilities Act, No. 43 of 2006, State of Victoria (2006).
Department of Education and Early Childhood Development. (2009). Victorian Early Years Learning and
Development Framework: For all children from birth to eight years. Melbourne, Vic: Author.
Department of Education, Employment and Workplace Relations. (2010). Child Care Service Handbook 2010
- 2011. Barton, ACT: Author.
Department of Education, Employment and Workplace Relations. (2009). Belonging, Being & Becoming: The
early years learning framework for Australia. Barton, ACT: Author.
Department of Education, Employment and Workplace Relations. (2010). My Time, Our Place: Framework
for school age care in Australia - Draft for consultation. Barton, ACT: Author.
Freedom of Information Act, No. 9859 of 1982, State of Victoria (1982).
Health Privacy Principles (Victoria). (n.d.) Retrieved 21st July 2011, from
http://www.latrobe.edu.au/privacy/assets/downloads/hpps_vic.pdf
Health Records Act, No. 2 of 2001, State of Victoria (2001).
Information Privacy Act, No. 98 of 2000, State of Victoria (2000).
Information Privacy Principles. (2011) Retrieved 21st July 2011, from
http://www.privacy.vic.gov.au/privacy/web2.nsf/pages/information-privacy-principles
Privacy Act, No. 119 of 1988, Commonwealth of Australia (1988).
Public Records Act, No. 8418 of 1973, State of Victoria (1973).
Surveillance Devices Act, No. 21 of 1999, State of Victoria (1999).
Telecommunications (Interception) (State Provisions) Act, No. 46 of 1988, State of Victoria (1998).
© Community Child Care Victoria 2011
- 14 -
Assessment Task
1. Identify the relevant legislation and acts that apply to your children’s service
2. Develop a draft privacy policy for your service which includes privacy principles and how
they will be implemented
(Use additional pages, if required)
3. Provide three strategies of how you could inform families who use your service about the
privacy policy
4. The Education and Care Services National Regulations 2010 Exposure draft refers to 3 pieces
of Commonwealth legislation. Download the Exposure Draft and list these pieces of
legislation. In the same document, find and list the relative administrative tribunal for
Victoria.
5. The EYLF and the FSAC encourage service providers to respect the diversity of families and
communities’ aspirations they hold for their children. Access a copy of either the EYLF or the
FSAC and locate in the document where this is discussed, and provide 3 examples of what
personal information you might collect regarding this principle that could be protected by
the privacy legislation.
6. The VEYLDF supports the Transition: A positive Start to School Initiative. Access a copy of this
document and locate where learning and development would be documented for the
transition from an early years service to school. Provide 3 examples of the personal
information collected in this capacity that could be protected by the privacy legislation.
© Community Child Care Victoria 2011
- 15 -